Secure data management has been supported for many years. Generally, there are two classes of file security mechanisms. One file security mechanism relies on a standalone computer application that receives a file from a file system. Typically, the file received from the file system is non-encrypted. The standalone application encrypts the file and writes an encrypted version of the file back to a computer readable medium. The original file, however, remains stored on the computer readable medium in a non-encrypted manner. Consequently, there is no security offered because non-encrypted data can easily be compromised from the computer readable medium. It is only when the non-encrypted file is destroyed that the encrypted version of the file is somewhat secure. This form of encryption is also quite suitable when an encrypted version of the file is sent by electronic mail.
Another form of file security offers a much more transparent means for encrypting files that are stored on a computer readable medium. Typically, this type of file security is integrated into an operating system. It should be appreciated that an operating system typically includes a file system. The file system is responsible for managing files that are stored on a computer readable medium. In most instances, the computer readable medium is organized into a volume by a volume manager. The volume manager is responsible for managing the available storage provided by a computer readable medium. The file system therefore relies on the volume manager whenever it needs access to storage capacity provided by the computer readable medium. Accordingly, a file system is organized (i.e., mounted) on top of a volume. The volume becomes the file system boundary in terms of available blocks and file system size.
In one typical system, the volume manager creates an encrypted volume. The volume manager then provides encryption at the volume level. As such, files that are created and managed in an encrypted volume are less susceptible to compromise because all of the data in the volume is encrypted. One problem with such volume level encryption is that all of the data stored in the volume is typically protected by only one encryption key. In the event that the one encryption key is somehow compromised, the security provided by the otherwise encrypted volume is lost.